Hi Marvin,

Good Day!

Thanks for the feedback, but why my FTD doesn't have this menu. I am using the on-box FDM and not the FMC.

Thanks,.

Sorry but you must have FMC to do this task. Without it, you cannot configure Etherchannel interfaces on an FTD device.

Source: http://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-interfaces.html

i like the whole FMC, managing all devices from one location. but i hope FTP can also be managed from the unit itself. There are cases where you dont need an FMC to manage the device. 

You can use FirePOWER Device Manager (FDM) to perform simple setup and management of an FTD device on ASA hardware and FirePOWER 2100 series.

For the 4100 and 9300 series and FTDv, you need FMC. 

Is there a comparison/matrix that showcases what is leverage with FMC versus FDM for varying hardware ?

I.e. To be more combative against Palo Alto Networks for example, from a parity perspective, it'd be nice to only run FDM with ASA w/FP.  But not if you don't get parity with FDM versus what you get with FMC.

I've pulled my information from a combination of hands-on, Cisco Live presentations, partner community information and discussions here. I've never seen a definitive matrix comparing the two.

I always recommend FMC if there's more than one firewall. :)

Can we use EtherChannel as HA/Failover interface configurtions? I have created EtherChannel interfaces on my both FTDsv(2110s) before adding them to HA via FMC but durring HA configuration, Ethernet Channel interface does not show!!! only physical interfaces are there...

You can to use an Etherchannel but you would need to dedicate the entire set of physical links  (i.e. no subinterfaces) as the failover interface must be dedicated. This would not be a use case that makes sense for most implementations.

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/firepower_threat_defense_high_availability.html#ID-2107-0000004d

Hi,

I have already added my both FTDs in FMC, I have configured Ether Channels on both FTDs ( PortChannel1 and adding interface 11 and 12 in it ) via Device Managament Center but when i try to add/configure HA for both FTDs then i am unable to see/select Etherchannel from the interface option, only visible interfaces are physical interfaces, also one more thing, i also cant see interface 11 and 12 which i added to etherchannel configuration.

Please advise if i am missing something here.

As you noted - the release notes describe the features at a high level The configuration guide further instructs how to set it up.

One note an ASA with FTD image is not an ASA with FirePOWER. When the FTD image is used there is a single compiled image and not the separate ASA software with FirePOWER software running in a module. there is only FTD software.

There will be an "on-box" manager (HTML 5 - no Java!) coming with 6.1 thus summer.

Ahh yes.. you are right [@mrhoads-cco]  .. FTD is a different image when compared to embedded FP image in greater ASA OS/Software.

Out of curiosity.. what about Security Zones in FTD 6.0.1.  Will they work when defined in FMC 6.0.1 ?

Back in FSM 5.4.1/ASA w/FP 5.4.1 they never did....

michaelgioia  

I haven't tried zones in my one little FTD box in the lab.

However I'd hazard a guess that functionality would be from the Sourcefire code base where zones have been in use and worked for quite some time vs. the ASA where zones are a relatively new construct.

I think that's correct.  Tried it today.

One last question... What about LACP defined in FMC 6.# being pushed and enacted on interfaces on FTD on ASA 55##-X units ?  Will LACP work ?

Hi

We have bough two 4120 boxes in order to migrate currently installed two ASA firewalls , we have tried the migration tool and we opened a case with Cisco TAC with no luck

Is there a way to access the FTD internal files and do the configuration from there if anyone has faced the same issue? or should I proceed with manually configure the FTD which will take a huge amount of time?

Thanks

BR,

Mohammad